Subject: [PATCH v2 0/5] LSM: Multiple concurrent LSMs
Version 2 of the patchset addresses:
1. The lsm_set functions did not handle error cases.
The on demand allocation has been replaced with a
more robust scheme within the security_alloc hooks.
This requires more change in security/security.c
but has the advantage of being more likely to be
correct.
2. reset_security_ops() didn't work, causing a panic
on invocation. That's been fixed. The change is
somewhat invasive relative to the functionality.
3. Add registration time detection of LSMs that are
going to use hooks that can't (currently) be shared.
Provide a backward compatible mechanism for using
multiple LSMs on the same running kernel. If an LSM is
not modified to use the interfaces provided in the new
include/linux/lsm.h header lsm_get and lsm_set that
LSM may not participate in stacking, although it will
work just fine in the traditional one at a time way.
As David Howells suggested some time back, making Smack and
SELinux available at that same time has proven quite a
challenge. That work has been deferred and that particular
configuration disallowed.
Performance measurement is in the early stages. The Smack
tests run within the noise with AppArmor, TOMOYO and Yama
enabled in addition to Smack.
This patch set is divided into 5 parts. The first is the
infrastructure and the last 4 make the various LSMs able
to work in the composed environment. Yama, which does not
use LSM security blobs, required no change and gets in free.
The Smack LSM behavior has been tested. AppArmor, TOMOYO,
Yama and SELinux have been shown to boot, but have not been
functionally tested beyond the lack of obvious error messages
and complaints from kernel debugging facilities. The kernels
have been tested with Ubuntu 12.04 and Fedora 17.
include/linux/lsm.h | 274 +++++++
include/linux/security.h | 37 +-
security/Kconfig | 67 +-
security/apparmor/context.c | 10 +-
security/apparmor/domain.c | 8 +-
security/apparmor/include/context.h | 15 +-
security/apparmor/lsm.c | 39 +-
security/capability.c | 223 ++++++
security/inode.c | 51 +-
security/security.c | 1385
+++++++++++++++++++++++++++++------
security/selinux/hooks.c | 333 +++++----
security/selinux/include/objsec.h | 2 +
security/selinux/include/xfrm.h | 2 +-
security/selinux/netlabel.c | 13 +-
security/selinux/selinuxfs.c | 6 +-
security/selinux/xfrm.c | 9 +-
security/smack/smack.h | 14 +-
security/smack/smack_access.c | 2 +-
security/smack/smack_lsm.c | 307 ++++----
security/smack/smackfs.c | 92 ++-
security/tomoyo/common.h | 6 +-
security/tomoyo/domain.c | 2 +-
security/tomoyo/securityfs_if.c | 9 +-
security/tomoyo/tomoyo.c | 33 +-
24 files changed, 2361 insertions(+), 578 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html